[CI] ReservedRealmIntegTests & NativeRealmIntegTests failures because of "incorrect password hashing algorithm" #31670
Description
I suspect this is related to #31234
Build failure log:
https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+master+intake/2222/
They both reproduce for me locally, although the second one takes a few more iterations. I'm going to mute both tests.
./gradlew :x-pack:plugin:security:test -Dtests.seed=2A5C17AE002ED323 -Dtests.class=org.elasticsearch.xpack.security.authc.esnative.ReservedRealmIntegTests -Dtests.method="testChangingPassword" -Dtests.security.manager=true -Dtests.locale=und -Dtests.timezone=America/Boa_Vista
ERROR 14.6s | ReservedRealmIntegTests.testChangingPassword <<< FAILURES!
> Throwable #1: java.lang.IllegalArgumentException: incorrect password hashing algorithm [PBKDF2] used while [BCRYPT] is configured.
> at __randomizedtesting.SeedInfo.seed([2A5C17AE002ED323:4C2A4F5B61B82A1E]:0)
> at org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction.doExecute(TransportChangePasswordAction.java:49)
> at org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction.doExecute(TransportChangePasswordAction.java:25)
> at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:143)
> at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:92)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:181)
> at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:173)
> at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:167)
> at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:155)
> at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:183)
> at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:161)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:172)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:205)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:216)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:170)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:131)
> at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:101)
> at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:160)
> at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:113)
> at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:141)
> at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:119)
> at org.elasticsearch.action.support.HandledTransportAction$TransportHandler.messageReceived(HandledTransportAction.java:70)
> at org.elasticsearch.action.support.HandledTransportAction$TransportHandler.messageReceived(HandledTransportAction.java:65)
> at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler$1.doRun(SecurityServerTransportInterceptor.java:259)
> at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
> at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:135)
> at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.lambda$messageReceived$0(SecurityServerTransportInterceptor.java:308)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.lambda$inbound$2(ServerTransportFilter.java:148)
> at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:173)
> at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:167)
> at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:155)
> at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.lambda$inbound$3(ServerTransportFilter.java:150)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$23(AuthenticationService.java:432)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.writeAuthToContext(AuthenticationService.java:441)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.finishAuthentication(AuthenticationService.java:422)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeUser(AuthenticationService.java:363)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$14(AuthenticationService.java:294)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.core.common.IteratingActionListener.onResponse(IteratingActionListener.java:102)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$11(AuthenticationService.java:267)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.handleResult(CachingUsernamePasswordRealm.java:148)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$authenticateWithCache$2(CachingUsernamePasswordRealm.java:118)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.common.util.concurrent.ListenableFuture.lambda$notifyListener$1(ListenableFuture.java:90)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:514)
> at java.util.concurrent.FutureTask.run(FutureTask.java:264)
> at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:135)
> at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
> at org.elasticsearch.common.util.concurrent.ListenableFuture.notifyListener(ListenableFuture.java:85)
> at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:53)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.authenticateWithCache(CachingUsernamePasswordRealm.java:113)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.authenticate(CachingUsernamePasswordRealm.java:80)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$13(AuthenticationService.java:262)
> at org.elasticsearch.xpack.core.common.IteratingActionListener.onResponse(IteratingActionListener.java:99)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$11(AuthenticationService.java:279)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.handleResult(CachingUsernamePasswordRealm.java:163)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$authenticateWithCache$2(CachingUsernamePasswordRealm.java:118)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.common.util.concurrent.ListenableFuture.lambda$notifyListener$1(ListenableFuture.java:90)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:514)
> at java.util.concurrent.FutureTask.run(FutureTask.java:264)
> at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:135)
> at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
> at org.elasticsearch.common.util.concurrent.ListenableFuture.notifyListener(ListenableFuture.java:85)
> at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:53)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.authenticateWithCache(CachingUsernamePasswordRealm.java:113)
> at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.authenticate(CachingUsernamePasswordRealm.java:80)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$13(AuthenticationService.java:262)
> at org.elasticsearch.xpack.core.common.IteratingActionListener.run(IteratingActionListener.java:81)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeToken(AuthenticationService.java:298)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$extractToken$9(AuthenticationService.java:234)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.extractToken(AuthenticationService.java:244)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$0(AuthenticationService.java:178)
> at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
> at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:294)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:174)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:205)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:216)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:170)
> at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:131)
> at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:101)
> at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.inbound(ServerTransportFilter.java:129)
> at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.messageReceived(SecurityServerTransportInterceptor.java:315)
> at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:63)
> at org.elasticsearch.transport.TcpTransport$RequestHandler.doRun(TcpTransport.java:1667)
> at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
> at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:135)
> at org.elasticsearch.transport.TcpTransport.handleRequest(TcpTransport.java:1625)
> at org.elasticsearch.transport.TcpTransport.messageReceived(TcpTransport.java:1489)
> at org.elasticsearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:62)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
> at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
> at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
> at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:297)
> at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:413)
> at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
> at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
> at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:241)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
> at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
> at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
> at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935)
> at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
> at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
> at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545)
> at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499)
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
> at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
> at java.lang.Thread.run(Thread.java:844)
And the second one:
./gradlew :x-pack:plugin:security:test -Dtests.seed=2A5C17AE002ED323 -Dtests.class=org.elasticsearch.xpack.security.authc.esnative.NativeRealmIntegTests -Dtests.method="testCreateAndChangePassword" -Dtests.security.manager=true -Dtests.locale=sr-Latn -Dtests.timezone=HST
java.lang.IllegalArgumentException: incorrect password hashing algorithm [PBKDF2_1000] used while [BCRYPT] is configured.
at __randomizedtesting.SeedInfo.seed([2A5C17AE002ED323:50D4F88F2FCC56BB]:0)
at org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction.doExecute(TransportChangePasswordAction.java:49)
at org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction.doExecute(TransportChangePasswordAction.java:25)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:143)
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:92)
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:181)
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:173)
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:167)
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:155)
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:183)
at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:161)
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$23(AuthenticationService.java:432)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.writeAuthToContext(AuthenticationService.java:441)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.finishAuthentication(AuthenticationService.java:422)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeUser(AuthenticationService.java:363)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$14(AuthenticationService.java:294)
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
at org.elasticsearch.xpack.core.common.IteratingActionListener.onResponse(IteratingActionListener.java:102)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$consumeToken$11(AuthenticationService.java:267)
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.handleResult(CachingUsernamePasswordRealm.java:140)
at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$authenticateWithCache$2(CachingUsernamePasswordRealm.java:118)
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
at org.elasticsearch.common.util.concurrent.ListenableFuture.lambda$notifyListener$1(ListenableFuture.java:90)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:624)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)